Hold Security, a Wisconsin-based security firm famous for obtaining troves of stolen data from the hacking underworld, announced on Wednesday, that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The database of 272.3 million stolen accounts includes a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security. The hacker seems to have collected the stolen email ids and passwords from various smaller, less secure websites where people use their email addresses along with a password to log in according to Holden. Holden says that users who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password. Holden said there is no way for the users to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed. Holden says the hacker in this case seemed to target Russian users though other nationals were targeted as well, but in smaller numbers. Russian email addresses and passwords for the bulk of the 272.3 million database with some 57m of the email addresses from Russia’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service. Holden says that they contacted the hacker after he was found bragging about his massive database on internet chat forums. He seem to be in a hurry to sell the mega trove of login credentials when Holden approached him. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange. The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”
